(RADIATOR) Trying to figure out the best way to have multiple authby within a single handler.
Hugh Irvine
hugh at open.com.au
Wed Nov 10 18:00:41 CST 2004
Hello Lanny -
You simply need to use
AuthByPolicy ContinueUntilAccept
if none of the AuthBy clauses accepts the request, it will be rejected
by default.
regards
Hugh
On 11 Nov 2004, at 10:28, Lanny Jason Godsey wrote:
>
> I could use some help on the best way to accomplish the following:
>
> <Handler>
>
> # Try the following AuthBy untill accept or, if none of the 3 accept,
> reject.
> # ContinueAlways?
>
> <AuthBy SQL>
> # Email Only c_type = 1
> Identifier AuthSQL
> DBSource dbi:mysql:database=accountdb;host=mysql.fidalgo.com
> DBUsername username
> DBAuth password
> Timeout 15
>
> AuthSelect select c_password, c_radcheck as radcheck,
> 'Framed-Filter=111.in' as radreply, \
> concat ('#', c_uid, '#') as radclass, date_format(c_expiration, "%%b
> %%d %%Y") as radexpiration \
> from accountdb.t_user where c_username = substring_index(%0, '@', 1)
> and c_type=1 limit 1
>
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, GENERIC, check
> AuthColumnDef 2, GENERIC, reply
> </AuthBy>
>
> <AuthBy SQL>
> # Normal Dialup (port 25 filtered outside our /18) c_type = 2
> Identifier AuthSQL
> DBSource dbi:mysql:database=accountdb;host=mysql.fidalgo.com
> DBUsername username
> DBAuth password
> Timeout 15
>
> AuthSelect select c_password, c_radcheck as radcheck,
> 'Framed-Filter=100.in' as radreply, \
> concat ('#', c_uid, '#') as radclass, date_format(c_expiration, "%%b
> %%d %%Y") as radexpiration \
> from accountdb.t_user where c_username = substring_index(%0, '@', 1)
> and c_type=2 limit 1
>
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, GENERIC, check
> AuthColumnDef 2, GENERIC, reply
> </AuthBy>
>
> <AuthBy SQL>
> # Unfiltered Dialup c_type = 3 (may have custom radius profile in DB
> for static ip etc...)
> Identifier AuthSQL
> DBSource dbi:mysql:database=accountdb;host=mysql.fidalgo.com
> DBUsername username
> DBAuth password
> Timeout 15
>
> AuthSelect select c_password, c_radcheck as radcheck, c_radreply as
> radreply, \
> concat ('#', c_uid, '#') as radclass, date_format(c_expiration, "%%b
> %%d %%Y") as radexpiration \
> from accountdb.t_user where c_username = substring_index(%0, '@', 1)
> and c_type=3 limit 1
>
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, GENERIC, check
> AuthColumnDef 2, GENERIC, reply
> </AuthBy>
>
> # Ok, if they were not found and accepted above, reject here (how?).
>
> </Handler>
>
> Thankful for any help! :)
>
> Lanny Jason Godsey
>
> (I originally used jason (or?) godsey <AT at AT> fidalgo.net for the
> list.)
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list